> On May 3, 2017, at 12:15 PM, Salz, Rich <[email protected]> wrote:
>
> We disagree. And I think the concerns Colm has raised show that others are
> also in agreement.
I see all the talk of STEKs (session ticket encryption keys) breaking
forward-secrecy as FUD.
All kinds of poor implementation and/or operational practices may compromise
confidentiality,
The (mis)use of long-term STEKs is not particularly special among such
practices.
If libraries implement "long-term" STEKs, that's a library bug, not a protocol
issue.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
